<!--
Before you open the request please review the following guidelines and tips to help it be more easily integrated:
- Describe the scope of your change - i.e. what the change does.
- Describe any known limitations with your change.
- Please run any tests or examples that can exercise your modified code.
Thank you for contributing! We will try to review, test and integrate the change as soon as we can.
-->
### Description of the change
Introducing use of the `tpl` function into _"gitea.actions.local_root_url"_ (in `_helpers.tpl`) so templating into the `giteaRootURL` parameter can be interpreted.
Hence, it will permit the use of values already set in other parameters.
### Benefits
To allow in an umbrella chart referencing to other values for setting the Gitea Root URL
### Possible drawbacks
<!-- Describe any known limitations with your change -->
### Applicable issues
<!-- Enter any applicable Issues here (You can reference an issue using #). Please remove this section if there is no referenced issue. -->
- Fixes #
### Additional information
<!-- If there's anything else that's important and relevant to your pull request, mention that information here. Please remove this section if it remains empty. -->
### ⚠ BREAKING
- N/A
### Checklist
<!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->
- [x] Helm templating unittests are added (required when changing anything in `templates` folder)
Co-authored-by: 212597596 <cedric.henry@gevernova.com>
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/74
Reviewed-by: DaanSelen <daanselen@noreply.gitea.com>
Co-authored-by: Ceddaerrix <ceddaerrix@noreply.gitea.com>
Co-committed-by: Ceddaerrix <ceddaerrix@noreply.gitea.com>
### Description of the change
This switches the dind daemon to socket mode which allows default docker config in workflows.
If also simplifies the statefulset by leveraging sidecar containers and probes to replace the inline bash script
### Benefits
No need to override docker configs in workflows. Enable use of buildx
### Possible drawbacks
EOL kubernetes versions i.e before 1.29 may not support sidecar containers
### Applicable issues
- Fixes#40
- Fixes#27
### ⚠ BREAKING
Switches Docker client to socket mode instead of TCP. Any workflows that override the default docker client config will need to be updated.
### Checklist
- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [x] Breaking changes are documented in the `README.md`
- [x] Helm templating unittests are added (required when changing anything in `templates` folder)
- [x] Bash unittests are added (required when changing anything in `scripts` folder)
- [x] All added template resources MUST render a namespace in metadata
Co-authored-by: ThisIsQasim <18313886+ThisIsQasim@users.noreply.github.com>
Co-authored-by: ChristopherHX <christopherhx@noreply.gitea.com>
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/46
Reviewed-by: DaanSelen <daanselen@noreply.gitea.com>
Reviewed-by: ChristopherHX <christopherhx@noreply.gitea.com>
Co-authored-by: thisisqasim <thisisqasim@noreply.gitea.com>
Co-committed-by: thisisqasim <thisisqasim@noreply.gitea.com>
<!--
Before you open the request please review the following guidelines and tips to help it be more easily integrated:
- Describe the scope of your change - i.e. what the change does.
- Describe any known limitations with your change.
- Please run any tests or examples that can exercise your modified code.
Thank you for contributing! We will try to review, test and integrate the change as soon as we can.
-->
### Description of the change
<!-- Describe the scope of your change - i.e. what the change does. -->
This patch adds the ability to **customize the `SecurityContext`** for the `statefulset` of the Gitea Actions `act_runner`.
This allows users to configure pod-level security settings, such as `fsGroup` and `fsGroupChangePolicy`.
The patch introduces `statefulset.podSecurityContext` as a new configurable parameter.
### Benefits
<!-- What benefits will be realized by the code change? -->
This change makes the chart more configurable for different kinds of deployment scenarios.
### Possible drawbacks
<!-- Describe any known limitations with your change -->
### Applicable issues
<!-- Enter any applicable Issues here (You can reference an issue using #). Please remove this section if there is no referenced issue. -->
- Fixes #
### Additional information
<!-- If there's anything else that's important and relevant to your pull request, mention that information here. Please remove this section if it remains empty. -->
* The patch only adds the ability to customize the `podSecurityContext` for the `statefulset`. It does not modify any other security settings or introduce new features beyond this customization.
* The default value for `statefulset.podSecurityContext` is an empty object `{}`, meaning no security context is applied unless the user explicitly defines it.
### ⚠ BREAKING
<!-- If there's a breaking change, please shortly describe in which way users are affected and how they can mitigate it. If there are no breakings, please remove this section. -->
### Checklist
<!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->
- [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [X] Helm templating unittests are added (required when changing anything in `templates` folder)
- [X] All added template resources MUST render a namespace in metadata
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/62
Reviewed-by: DaanSelen <daanselen@noreply.gitea.com>
Co-authored-by: Stephen Sullivan <sjsullivan7@gmail.com>
Co-committed-by: Stephen Sullivan <sjsullivan7@gmail.com>
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency versions.
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xOC4xIiwidXBkYXRlZEluVmVyIjoiNDEuMTguMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsia2luZC9kZXBlbmRlbmN5Il19-->
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/67
Reviewed-by: DaanSelen <daanselen@noreply.gitea.com>
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
<!--
Before you open the request please review the following guidelines and tips to help it be more easily integrated:
- Describe the scope of your change - i.e. what the change does.
- Describe any known limitations with your change.
- Please run any tests or examples that can exercise your modified code.
Thank you for contributing! We will try to review, test and integrate the change as soon as we can.
-->
### Description of the change
<!-- Describe the scope of your change - i.e. what the change does. -->
Changes the default repository path for the act runner image from gitea/act_runner to act_runner
### Benefits
<!-- What benefits will be realized by the code change? -->
### Possible drawbacks
<!-- Describe any known limitations with your change -->
### Applicable issues
<!-- Enter any applicable Issues here (You can reference an issue using #). Please remove this section if there is no referenced issue. -->
- Fixes#65
### Additional information
<!-- If there's anything else that's important and relevant to your pull request, mention that information here. Please remove this section if it remains empty. -->
### ⚠ BREAKING
<!-- If there's a breaking change, please shortly describe in which way users are affected and how they can mitigate it. If there are no breakings, please remove this section. -->
### Checklist
<!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->
- [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [X] Helm templating unittests are added (required when changing anything in `templates` folder)
- [X] All added template resources MUST render a namespace in metadata
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/66
Reviewed-by: DaanSelen <daanselen@noreply.gitea.com>
Co-authored-by: Stephen Sullivan <sjsullivan7@gmail.com>
Co-committed-by: Stephen Sullivan <sjsullivan7@gmail.com>
<!--
Before you open the request please review the following guidelines and tips to help it be more easily integrated:
- Describe the scope of your change - i.e. what the change does.
- Describe any known limitations with your change.
- Please run any tests or examples that can exercise your modified code.
Thank you for contributing! We will try to review, test and integrate the change as soon as we can.
-->
### Description of the change
<!-- Describe the scope of your change - i.e. what the change does. -->
This patch adds a new configuration option, statefulset.actRunner.extraEnvs, to the Gitea act runner Helm chart. This new parameter is an array that allows users to define custom environment variables for the act-runner container within the StatefulSet.
### Benefits
<!-- What benefits will be realized by the code change? -->
Enables users of the chart to specify additional environment variables for the act-runner container.
This can be useful for cases where a user may want to customize the act-runner via environment variables.
### Possible drawbacks
<!-- Describe any known limitations with your change -->
### Applicable issues
<!-- Enter any applicable Issues here (You can reference an issue using #). Please remove this section if there is no referenced issue. -->
- Fixes #
### Additional information
<!-- If there's anything else that's important and relevant to your pull request, mention that information here. Please remove this section if it remains empty. -->
### ⚠ BREAKING
<!-- If there's a breaking change, please shortly describe in which way users are affected and how they can mitigate it. If there are no breakings, please remove this section. -->
### Checklist
<!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->
- [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [X] Helm templating unittests are added (required when changing anything in `templates` folder)
- [X] All added template resources MUST render a namespace in metadata
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/63
Reviewed-by: DaanSelen <daanselen@noreply.gitea.com>
Co-authored-by: Stephen Sullivan <sjsullivan7@gmail.com>
Co-committed-by: Stephen Sullivan <sjsullivan7@gmail.com>
### Description of the change
Allow to insert the act_runner config as yaml into the chart values.
### Benefits
Yaml editor will report yaml errors, instead of the deployed runner.
### Possible drawbacks
No limitations, string config works like before.
### Applicable issues
N/A
### Additional information
Usage like this, just omit the block scalar token
```yaml
enabled: true
statefulset:
actRunner:
# See full example here: https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml
config:
log:
level: debug
cache:
enabled: false
container:
valid_volumes:
- /var/run/docker.sock
options: -v /var/run/docker.sock:/var/run/docker.sock
## Specify an existing token secret
##
existingSecret: "runner-token2"
existingSecretKey: "token"
## Specify the root URL of the Gitea instance
giteaRootURL: "http://192.168.1.2:3000"
```
I do not like the regex test approach, but I didn't come up with a better one. I wish that I can parse the nested yaml in the helm tests.
### ⚠ BREAKING
N/A
### Checklist
- [x] Helm templating unittests are added (required when changing anything in `templates` folder)
- [x] All added template resources MUST render a namespace in metadata
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/43
Reviewed-by: DaanSelen <daanselen@noreply.gitea.com>
Co-authored-by: Christopher Homberger <christopher.homberger@web.de>
Co-committed-by: Christopher Homberger <christopher.homberger@web.de>
<!--
Before you open the request please review the following guidelines and tips to help it be more easily integrated:
- Describe the scope of your change - i.e. what the change does.
- Describe any known limitations with your change.
- Please run any tests or examples that can exercise your modified code.
Thank you for contributing! We will try to review, test and integrate the change as soon as we can.
-->
### Description of the change
<!-- Describe the scope of your change - i.e. what the change does. -->
The change modifies how container images are managed in the Gitea Helm chart for Gitea Actions. Instead of using a simple string concatenation for image names, the patch introduces a more flexible templating approach. It adds three new templates in `_helpers.tpl`:
* `gitea.actions.actRunner.image`: Constructs the full image name for the Gitea Actions Act Runner.
* `gitea.actions.dind.image`: Creates the image name for the DinD (Docker-in-Docker) container.
* `gitea.actions.init.image`: Generates the image name for the Init container.
These templates build the image name dynamically using values from `values.yaml` and the chart's metadata. The logic prioritizes a full image override, a specified registry, or a default repository and tag.
The patch also updates `statefulset.yaml` to use these new templates for the `init-gitea`, `act-runner`, and `dind` containers. Additionally, `values.yaml` is updated to include new, optional parameters for each image, such as `registry`, `digest`, and `fullOverride`, providing more granular control over the image source.
### Tests and Examples
To test this change, you can use `helm template` with different configurations in a `values.yaml` file to observe the resulting Kubernetes manifest.
#### Example 1: Default configuration
With no changes to the new fields in `values.yaml`, the image names should resolve to the defaults:
* **Act Runner**: `docker.gitea.com/gitea/act_runner:0.2.13`
* **DinD**: `docker:28.3.3-dind`
* **Init**: `busybox:1.37.0`
#### Example 2: Using a `fullOverride`
If you set `fullOverride` for the `actRunner` like this via CLI
```shell
helm template test . \
--set giteaRootURL=https://localhost/gitea \
--set existingSecret=test --set existingSecretKey=test \
--set enabled=true \
--set statefulset.actRunner.fullOverride="my.private.registry/custom-gitea-runner:latest"
```
The `statefulset.yaml` for the `act-runner` container will have its image field set to `my.private.registry/custom-gitea-runner:latest`.
```
- name: act-runner
image: "my.private.registry/custom-gitea-runner:latest"
```
#### Example 3: Using a custom `registry` and `digest`
```shell
helm template test . \
--set giteaRootURL=https://localhost/gitea \
--set existingSecret=test --set existingSecretKey=test \
--set enabled=true \
--set statefulset.dind.registry="quay.io" \
--set statefulset.dind.digest="sha256:abcdef123456"
```
The `statefulset.yaml` for the `dind` container will have its image field set to `quay.io/docker:28.3.3-dind@sha256:abcdef123456`.
```
- name: dind
image: "quay.io/docker:28.3.3-dind@sha256:abcdef123456"
```
#### Example 4: Using the `global.imageRegistry`
If you set global.imageRegistry
```shell
helm template test . \
--set giteaRootURL=https://localhost/gitea \
--set existingSecret=test --set existingSecretKey=test \
--set enabled=true \
--set global.imageRegistry=quay.io
```
The `statefulset.yaml` for each container will have the following values
* **Act Runner**: `quay.io/gitea/act_runner:0.2.13`
* **DinD**: `quay.io/docker:28.3.3-dind`
* **Init**: `quay.io/busybox:1.37.0`
### Benefits
<!-- What benefits will be realized by the code change? -->
There are no known limitations with this change. The new templating approach makes the chart more adaptable and configurable, offering more control than the previous method.
### Possible drawbacks
<!-- Describe any known limitations with your change -->
Increased configuration complexity
### Applicable issues
<!-- Enter any applicable Issues here (You can reference an issue using #). Please remove this section if there is no referenced issue. -->
- Fixes#58
### Additional information
<!-- If there's anything else that's important and relevant to your pull request, mention that information here. Please remove this section if it remains empty. -->
### ⚠ BREAKING
<!-- If there's a breaking change, please shortly describe in which way users are affected and how they can mitigate it. If there are no breakings, please remove this section. -->
### Checklist
<!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->
- [X] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [X] Helm templating unittests are added (required when changing anything in `templates` folder)
- [X] All added template resources MUST render a namespace in metadata
Co-authored-by: Christopher Homberger <christopher.homberger@web.de>
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/61
Reviewed-by: Ross Golder <rossigee@noreply.gitea.com>
Reviewed-by: DaanSelen <daanselen@noreply.gitea.com>
Reviewed-by: Markus Pesch <volker.raschek@noreply.gitea.com>
Reviewed-by: ChristopherHX <christopherhx@noreply.gitea.com>
Co-authored-by: Stephen Sullivan <sjsullivan7@gmail.com>
Co-committed-by: Stephen Sullivan <sjsullivan7@gmail.com>
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://github.com/actions/checkout) | action | major | `v4` -> `v5` |
| [actions/checkout](https://github.com/actions/checkout) | action | major | `v4.2.2` -> `v5` |
---
### Release Notes
<details>
<summary>actions/checkout (actions/checkout)</summary>
### [`v5`](https://github.com/actions/checkout/compare/v4...v5)
[Compare Source](https://github.com/actions/checkout/compare/v4...v5)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - Only on Sunday and Saturday ( * * * * 0,6 ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xOC4xIiwidXBkYXRlZEluVmVyIjoiNDEuMTguMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsia2luZC9kZXBlbmRlbmN5Il19-->
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-actions/pulls/53
Reviewed-by: techknowlogick <techknowlogick@noreply.gitea.com>
Reviewed-by: DaanSelen <daanselen@noreply.gitea.com>
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
